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Preliminary Classification: 
Proposed Class: 235 
Subclass: 380 
NOTE: "Alt applicants are requested to indude a preliminary classification on newfy fiied patent 

applications. The preliminary classification, preferably dass and subclass designations, should be 
identified in the upper right-hand comer of the fetter of transmittal accompanying the application 
papers, for example 'Proposed Class 2, subclass 129." M.P.EP. § 601, 7th ed. 




IN THE UNITED STATES PATENT AND TRADEMARK OFFICE £ S 

Box Patent Application 

Assistant Commissioner for Patents 

Washington, D.C. 20231 

NEW APPLICATION TRANSMITTAL 

Transmitted herewith for filing is the patent application of 
Inventors): Scott A. Vanstone 

WARNING: 37 C.F.R. § 1.41(a)(1) points out 

"(a) A patent is applied for in the name or names of the actual inventor or inventors. 

M (1) The inventorship of a ncnprorisionaf application is that inventorship set forth in the oath or 
declaration as prescribed by § 1.63, except as provided for in § 1.53(d)(4) and § 1.63(d). If an 
oath or declaration as prescribed by § 1.63 is not fiied during the pendency of a nonprovisional 
application, the inventorship is that inventorship set forth in the application papers filed pursuant 
to § 1.53(b), unless a petition under this paragraph accompanied by the fee set forth in § 1.17(0 
is fied supplying or changing the name or names of the inventor or inventors. x 

For (title): TRANSACTION VERIFICATION PROTOCOL FOR SMART CARDS 



CERTIFICATION UNDER 37 GJJL f 1.10* 
(Express Mat* label number is mandatory.) 

(Express MaS certification is optional) 

I hereby certify that this New Application Transmittal and the ckxxjments referred la ssl attached therein are being 

deposited with the United States Postal Service on this date Z6 July 1999 ^ in ^ ^gj^ 

as "Express Mail Post Office to Addressee," mailing Labef Number EL440665367US t ^ 

dressed to the: Assistant Commissioner for Patents, Washington, D.C. 20231. 

MMMN ^BBSfeSiEPPHER 




Signature of parson malting paper 

WARNING: Certificate of mailing (first dass) or facsimile transmisshn procedures of 37 OF.FL § 1.8 cannot be 
used to obtain a date of mailing or transmission for this correspondence. 

•WARNING: Each paper or fee nied by "Express MaiT must ha^ 'Express Mail" rnaiiing label 

placed thereon prior to mailing. 37 CfJl § 1.10(b). 

"Since the filing of correspondence under § 1.10 without the Express Mail mailing label thereon 
is an oversight that can be avoided by the exercise of reasonable care, requests for waiver of this 
requirement will not be granted on petition.' Notice of Oct 24, 1996, 60 Fed Reg, 56,439, at 56,442. 
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1. Type of Application 

This new application is for a(n) 

(check one applicable item below) 

B Original (nonprovisional) 

□ Design 
□ Plant 

WARNING: Do not use this transmittal for a completion in the US. of an international Application under 35 
U.S.C. § 371(c)(4), unless the International Application is being filed as a divisional, continuation 
or continuation-in-part application. 

WARNING: Do not use this transmittal for the filing of a provisional application. 

NOTE: If one of the following 3 items apply, then complete and attach ADDED PAGES FOR NEW APPLICATION 
TRANSMITTAL WHERE BENEFIT OF A PRiOR U.S. APPLICATION CLAIMED and a NOTIFICATION 
IN PARENT APPLICATION OF THE HUNG OF THIS CONTINUATION APPLICATION. 

□ Divisional. 

E3 Continuation. 

□ Continuation-in-part (C-l-P). 

2. Benefit of Prior U.S. Applications) (35 U.S.C. §§ 119(e), 120, or 121) 

NOTE: A nonprovisional application may claim an invention disclosed in one or more prior filed copending 
nonprovisional applications or copending international applications designating the United States of 
America. In order for a nonprovisional application to claim the benefit of a prior filed copending 
nonprovisional application or copending international application designating the United States of 
America, each prior application must name as an inventor at feast one inventor named in the later filed 
nonprovisional application and disclose the named inventor's invention claimed in at least one claim 
of the later filed nonprovisional application in the manner provided by the first paragraph of 35 U.S.C. 
§112. Each prior application must also be: 

(0 An international application entitled to a filing date in accordance with PCT Article 11 and 
designating the United States of America; or 

(li) Complete as set forth in § 1.51(b); or 

(iii) Entitled to a filing date as set forth in § 1.53(b) or § 1.53(d) and include the basic filing fee set 
forth in § 1.16; or 

(iv) Entitled to a filing date as set forth in § 1.53(b) and have paid therein the processing and retention 
fee set forth in § 1.21(0 vwf/7/n the time period set forth in § 1.53(f). 

37 C.F.R. § 1.78(a)(1). 

NOTE: If the new application being transmitted is a divisional, continuation or a continuation-in-part of a parent 
case, or where the parent case is an International Application which designated the U.S., or benefit 
of a prior provisional application is claimed, then check the following item and complete and attach 
ADDED PAGES FOR NEW APPLICATION TRANSMITTAL WHERE BENEFIT OF PRIOR U.S. APPLICA- 
TION^) CLAIMED. 

WARNING: If an application claims the benefit of the filing date of an earlier filed application under 35 U.S.C. 

§§ 120, 121 or 365(c), the 20-year term of that application will be based upon the filing date of 
the earliest U.S. application that the application makes reference to under 35 U.S.C. §§ 120, 121 
or 365(c). (35 U.S.C. § 154(a)(2) does not take into account, for the determination of the patent 
term, any application on which priority is claimed under 35 U.S.C. §§ 119, 365(a) or 365(b).) For 
a c-i-p application, applicant should review whether any claim in the patent that will issue is 
supported by an earlier application and, if not, the applicant should consider canceling the reference 
to the earlier filed application. The term of a patent is not based on a claim-by-daim approach. 
See Notice of April 14, 1995, 60 Fed. Reg. 20,195, at 20,205. 
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WARNING; When the last day of pendency of a provisional application falls on a Saturday, Sunday, or Federal 
holiday within the District of Columbia, any nonprovisionai application claiming benefit of the 
provisional application must be filed prior to the Saturday, Sunday, or Federal holiday within the 
District of Columbia. See 37 C.F.R. § 1.78(a)(3). 

□ The new application being transmitted claims the benefit of prior U.S. applica- 
tions). Enclosed are ADDED PAGES FOR NEW APPLICATION TRANSMITTAL 
WHERE BENEFIT OF PRIOR U.S. APPLICATIONS) CLAIMED. 

3. Papers Enclosed 

A. Required for filing date under 37 C.F.R. § 1.53(b) (Regular) or 37 C.F.R. § 1.153 
(Design) Application 

7 Pages of specification 

^ Pages of claims 

2 Sheets of drawing 

WARNING: DO NOT submit original drawings, A high quality copy of the drawings should be supplied when 
filing a patent application. The drawings that are submitted to the Office must be on strong, white, 
smooth, and non-shiny paper and meet the standards according to § 1.84. If corrections to the 
drawings are necessary, they should be made to the original drawing and a high-quality copy of 
the corrected original drawing then submitted to the Office. Only one copy is required or desired. 
For comments on proposed then-new 37 C.F.R § 1.84, see Notice of March 9, 1988 (1990 O.G. 
57-62). 

NOTE: "identifying indicia, if provided, should include the application number or the title of the invention, 
inventor's name, docket number (tf any), and the name and telephone number of a person to call if 
the Office is unable to match the drawings to the proper application. This information should be placed 
on the back of each sheet of drawing a minimum distance of 1.5 cm. (5/8 inch) down from the top 
of the page . . 37 C.FM. § 1.84(c)). 

(complete the following, if applicable) 

□ The enclosed drawing(s) are photograph(s), and there is also attached a 
"PETITION TO ACCEPT PHOTOGRAPH(S) AS DRAWING(S)/ 37 C.F.R. 
§ 1.84(b). 

□ formal 

□ informal 

B. Other Papers Enclosed 

L Pages of declaration and power of attorney 

L Pages of abstract 

Other 

4. Additional papers enclosed 

□ Amendment to claims 

□ Cancel in this applications claims before 

calculating the filing fee. (At least one original independent claim must be 
retained for filing purposes.) 

□ Add the claims shown on the attached amendment. (Claims added have 
been numbered consecutively following the highest numbered original 
claims.) 

□ Preliminary Amendment 

Q Information Disclosure Statement (37 C.F.R. § 1.98) 

S Form PTO-1449 (PTO/S8/08A and 08B) 

□ Citations 
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□ Declaration of Biological Deposit 

□ Submission of "Sequence Listing,* computer readable copy and/or amendment 
pertaining thereto for biotechnology invention containing nucleotide and/or 
amino acid sequence. 

□ Authorization of Attorney® to Accept and Follow Instructions from Representa- 
tive 

□ Special Comments 

□ Other 

5. Declaration or oath (including power of attorney) 

NOTE: A newly executed declaration is not required in a continuation or divisional application provided that 
the prior nonprovisionai application contained a declaration as required, the application being filed is 
by ail or fewer than all the inventors named in the prior application, there is no new matter in the 
application being filed, and a copy of the executed declaration filed in the prior application (showing 
the signature or an indication thereon that it was signed) is submitted. The copy must be accompanied 
by a statement requesting deletion of the names of person(s) who are not inventors of the application 
being fifed. If the declaration in the prior application was fifed under § 1.47, then a copy of that 
declaration must be filed accompanied by a copy of the decision granting § 1A7 status or, if a nonsigning 
person under § 1A7 has subsequently joined in a prior application, then a copy of the subsequently 
executed declaration must be fifed. See 37 C.F.R §§ 1.63(dX1H3). 

NOTE: A declaration filed to complete an application must be executed, identify the specification to which it 
is directed, identity each inventor by full name including family name and at hast one given name, without 
abbreviation together with any other given name or initial, and the residence, post office address and 
country or citizenship of each inventor, and state whether the inventor is a sole or joint inventor. 37 
C.F.R. § 1.63(aXlH*)- 

0 Enclosed Copy from parent application. 

Executed by Scott A. Vanstone 

(check all applicable boxes) 

0 inventors). 

□ legal representative of inventors). 
37 C.F.FL §§ 1.42 or 1.43. 

□ joint inventor or person showing a proprietary 
interest on behalf of inventor who refused to sign 
or cannot be reached. 

□ This is the petition required by 37 C.F.R. § 1 .47 and the statement 
required by 37 C.F.R. § 1.47 is also attached. See item 13 below 
for fee. 

□ Not Enclosed. 

NOTE: Where the filing is a completion in the U.S. of an Internationa! Application or where the completion of 
the U.S. application contains subject matter in addition to the Intsrr&tional Application, the application 
may be treated as a continuation or continuation-in-part, as the case may be, utilizing ADDED PAGE 
FOR NEW APPLICATION TRANSMITTAL WHERE BENEFIT OF PRIOR U.S. APPLICATION CLAIMED. 

□ Application is made by a person authorized under 37 C.F.R. § 1.41(c) on 
behaff of all the above named inventors). 

(The declaration or oath, along with the surcharge required by 37 C.F.R. § 1.16(e) 

can be filed subsequently). 

□ Showing that the filing is authorized. 

(not required unless called into question. 37 C.F.R. § 1.41(d)) 
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6. Inventorship Statement 

WARNING: if the named inventors are each not the inventors of alt the claims an explanation, including the 
ownership of the various claims at the time the iast claimed invention was made, shouid be 
submitted. 

The inventorship for ail the claims in this application are: 
B The same. 

or 

□ Not the same. An explanation, including the ownership of the various claims at 
the time the last claimed invention was made, 

□ is submitted. 

□ will be submitted. 

7. Language 

NOTE: An application including a signed oath or declaration may be fifed in a language other than English. 
An English translation of the non-English language application and the processing fee of $130.00 
required by 37 C.F.ft § 1.1 7(k) is required to be filed with the application, or within such time as may 
be set by the Office. 37 C.RR. § 1.52(d). 

S English 

□ Non-English 

□ The attached translation includes a statement that the translation is accu- 
rate. 37 C.F.R. § 1.52(d). 

8. Assignment 

Ek An assignment of the invention to CERTICOM CORP. , recorded 

24 July 1997, Reel 8627, Frame 0863 

□ is attached. A separate □ "COVER SHEET FOR ASSIGNMENT (DOCU- 
MENT) ACCOMPANYING NEW PATENT APPLICATION 1 ' or □ FORM PTO 
1595 is also attached. 

□ will follow. 

NOTE: 'If an assignment is submitted with a new application, send two separate letters-one for the application 
and one for the assignment' Notice of May 4, 1990 (1114 O.G. 77-78). 

WARNING: A newly executed "CERTIFICATE UNDER 37 C.F.R § 3. 73(b)" must be filed when a continuation- 
in-part application is fifed by an assignee. Notice of April 30, 1993, 1150 O.G. 62-64. 
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9. Certified Copy 

Certified copyfles) of application® 



Country 


Appln. No. 


Ried 


Country 


Appin. No. 


Filed 


Country 


Appln. No. 


Red 



from which priority is claimed 

□ is (are) attached. 

□ will follow. 

NOTE; The foreign application forming the basis for the daim for priority must be referred to in the oath or 
declaration. 37 C.F.R. § 1.55(a) and 7.63. 

NOTE: This item is for any foreign priority for which the application being filed directly relates. If any parent 
U.S. application or International Application from which this application claims benefit under 35 U.S.C. 
§ 120 is itself entitled to priority from a prior foreign application, then complete item 18 on the ADDED 
PAGES FOR NEW APPLICATION TRANSMITTAL WHERE BENEFIT OF PRIOR U.S. APPLICATION^) 
CLAIMED. 

10. Fee Calculation (37 C.F.R. § 1,16) 
A. S Regular application 



CLAIMS AS FILED 


Number filed 


Number Extra 


Rate 


Basic Fee 
37 C.F.R. § 1.16(a) 
$760.00 


Total 

Claims (37 C.F.R. 

§ 1.16(c)) 8 - 


20 = 0 X 


$ 18.00 


0 


Independent 

Claims (37 C.F.R. 

§ 1.16(b)) 2 - 


3 = Ox 


$ 78.00 


0 


Multiple dependent claim(s), 
if any (37 C.F.R. § 1.16(d)) 


+ 


$260.00 


0 



□ Amendment cancelling extra claims is enclosed. 

□ Amendment deleting multiple-dependencies is enclosed. 

□ Fee for extra claims is not being paid at this time. 

NOTE: If the fees for extra claims are not paid on filing they must be paid or the claims cancelled by amendment, 
prior to the expiration of the time period set for response by the Patent and Trademark Office in any 
notice of fee deficiency. 37 C.F.R J 1.16(d). 

Filing Fee Calculation S 760 

B. □ Design application 

($310.00-37 C.F.R. § 1.16(f)) 

Filing Fee Calculation $ 

C. □ Plant application 

($480.00—37 C.F.R. § 1.16(g)) 

Fiiing fee calculation $ 
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11. Small Entity Statement(s) 

□ Statement(s) that this is a filing by a small entity under 37 C.F.R. § 1 .9 and 1 .27 
is (are) attached. 

"Status as a small entity must be specifically established in each application or patent in which 
the status is available and desired. Status as a small entity in one application or patent does not 
affect any other application or patent, including applications or patents which are directly or 
indirectly dependent upon the application or patent in which the status has been established, Tne 
refiling of an application under § 1.53 as a continuation, division, or continuation-in-part (including 
a continued prosecution application under § 1.53(d)), or the filing of a reissue application requires 
a new determination as to continued entitlement to small entity status for the continuing or reissue 
application. A nonprovisional application claiming benefit under 35 U.S.C. § 119(e), 120, 121, or 
365(c) of a pn'or application, or a reissue application may rely on a statement filed in the prior 
application or in the patent if the nonprovisional application or the reissue application includes a 
reference to the statement in the pn'or application or in the patent or includes a copy of the 
statement in the prior application or in the patent and status as a small entity is still proper and 
desired. The payment of the small entity basic statutory filing fee will be treated as such a reference 
for purposes of this section." 37 C.F.R. § 1.28(a)(2). 

"Small entity status must not be established when the person or persons signing the. . . statement 
can unequivocally make the required self-certification.' M.P.E.P., § 503.03, 6th ed., rev. 2, July 
1996 (emphasis added). 

(complete the following, if applicable) 

□ Status as a small entity was claimed in prior application 

/ filed on _ ( from which benefit 

is being claimed for this application under: 

35 U.S.C. § □ 119(e), 

□ 120, 

□ 121, 

□ 365(c), 

and which status as a small entity is still proper and desired. 
□ A copy of the statement in the prior application is included. 
Filing Fee Calculation (50% of A, B or C above) 

$ 

NOTE: Any excess of the full fee paid will be refunded if small entity status is established and a refund request 
are filed within 2 months of the date of timely payment of a full fee. The two-month period is not 
extendable under § 1.136. 37 C.F.R. § 1.28(a). 

12. Request for International-Type Search (37 C.F.R. § 1.104(d)) 

(complete, if applicable) 

□ Please prepare an international-type search report for this application at the time 
when national examination on the merits takes place. 



WARNING: 



WARNING: 
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13. Fee Payment Being Made at This Time 

13 Not Enclosed 

H No filing fee is to be paid at this time. 

(This and the surcharge required by 37 C.F.R. § 1.16(e) can be paid 
subsequently.) 

□ Enclosed 

□ Filing fee § 

□ Recording assignment 
($40.00; 37 C.F.R. § 1.21(h)) 

(See attached "COVER SHEET FOR 
ASSIGNMENT ACCOMPANYING NEW 

APPLICATION".) $ 

□ Petition fee for filing by other than all the 
inventors or person on behalf of the inventor 
where inventor refused to sign or cannot be 
reached 

($130.00; 37 C.F.R. §§ 1.47 and 1.170) $ 

□ For processing an application with a 
specification in 

a non-English language 

($130.00; 37 C.F.R. §§ 1. 52(d) and 1.1 7(k)) $ 

□ Processing and retention fee 

($130.00; 37 C.F.R. §§ 1.53(d) and 1.21(1)) $ 

□ Fee for international-type search report 

($40.00; 37 C.F.R. § 1.21(e)) $ 



NOTE: 37 C.F.R § 1.210 establishes a he for processing and retaining any application that is abandoned for 
failing to complete the application pursuant to 37 C.F.R. § 1.53(f) and this, as well as the changes to 
37 C.F.R. §§ 1.53 and 1.78(a)(1), indcate that in order to obtain the benefit of a prior U.S. application, 
either the basic filing fee must be paid, or the processing and retention fee of § 1J21Q) must be paid, 
within 1 year from notification under § 53(f). 

Total fees enclosed $ 

14. Method of Payment of Fees 

□ Check in the amount of $ 

□ Charge Account No. _ in the amount of 

$ 

A duplicate of this transmittal is attached. 

NOTE* Fees should be itemized in such a manner that it is dear for which purpose the fees are paid 37CF.R 
§ 1.22(b). 
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15. Authorization to Charge Additional Fees 

WARNING: tf no fees are to be paid on filing, the following Hems should not be completed. 

WARNING: Accurately count claims, especially multiple dependent claims, to avoid unexpected high charges, 
if extra claim charges are authorized. 

□ The Commissioner is hereby authorized to charge the following additional fees 
by this paper and during the entire pendency of this application to Account No. 



□ 37 C.F.R. § 1.16(a), (f) or (g) (filing fees) 

□ 37 C.F.R. § 1.16(b), (c) and (d) (presentation of extra claims) 

NOTE: Because additional fees for excess or multiple dependent claims not paid on filing or on later presentation 
must only be paid or these claims cancelled by amendment prior to the expiration of the time period 
set for response by the PTO in any notice of fee deficiency (37 C.F.R. § 1.16(d)), it might be best not 
to authorize the PTO to charge additional claim fees, except possibly when dealing with amendments 
after final action. 

□ 37 C.F.R. § 1 .1 6(e) (surcharge for filing the basic filing fee and/or declaration 
on a date later than the filing date of the application) 

□ 37 C.F.R. § 1.17(a)(1H5) (extension fees pursuant to § 1.136(a)). 

□ 37 C.F.R. § 1.17 (application processing fees) 

NOTE: . A written request may be submitted in an application that is an authorization to treat any concurrent 
or future reply, requiring a petition for an extension of time under this paragraph for its timely submission, 
as incorporating a petition for extension of time for the appropriate length of time. An authorization to 
charge ail required fees, fees under § 1.17, or ail required extension of time fees will be treated as a 
constructive petition for an extension of time in any concurrent or future reply requiring a petition for 
an extension of time under this paragraph for its timely submission. Submission of the fee set forth in 
§ 1.17(a) will also be treated as a constructive petition for an extension of time in any concurrent reply 
requiring a petition for an extension of time under this paragraph for its timely submission 9 37 CFR 
§ 1.136(a)(3). 

□ 37 C.F.R. § 1.18 (issue fee at or before mailing of Notice of Allowance, 
pursuant to 37 C.F.R. § 1.311(b)) 

NOTE: V/here an authorization to charge the issue fee to a deposit account has been filed before the mailing 
of a Notice of Allowance, the issue fee will be automatically charged to the deposit account at the time 
ofmaifing the notice of allowance. 37 C.F.R. § 1.311(b). 

NOTE: 37 C.F.R. § 1.28(b) requires 'Notification of any change in status resulting in loss of entitlement to small 
entity status must be filed in the application . . . prior to paying, or at the time of paying, . . . the issue 
fee. . . ' From the wordng of 37 C.F.R. § 1.28(b), (a) notification of change of status must be made 
even if the fee is paid as 'other than a small entity' and (b) no notification is required if the change 
is to another small entity. 
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16. Instructions as to Overpayment 

NOTE: \ . . Amounts of twenty-five dollars or less will not be returned unless specifically requested within 
be returned by check or, if requested, by credit to a deposit account 0 37 C.F.R § 1.26(a), 

□ Credit Account No 

□ Refund 




SIGNATURE OF PRACTITIONER 



Reg. No. 24,483 



LAWRENCE A. MAXHAM 



Tel. No. ( 619) 233-9004 



{type or print name of attorney) 



BAKER & MAXHAM 
Symphony Towers 



P.O. Address 



Customer No. 



750 "B" Street, Suite 3100 
San Diego, California 92101 
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E Incorporation by reference of added pages 

(check the following item if the application in this transmittal claims the benefit of 
prior US. applications) (including an international application entering the U.S. 
stage as a continuation, divisional or C-l-P application) and complete and attach 
the ADDED PAGES FOR NEW APPLICATION TRANSMITTAL WHERE BENEFIT OF 
PRIOR U.S. APPLICATIONS) CLAIMED) 

(2 Pius Added Pages for New Application Transmittal Where Benefit of Prior U.S. 
Application® Claimed 

Number of pages added ^ 

Q Pius Added Pages for Papers Referred to in Item 4 Above 

Number of pages added ^ 

□ Plus added pages deleting names of inventor(s) named in prior application(s) 
who is/are no longer inventor(s) of the subject matter claimed in this application. 

Number of pages added 

□ Plus "Assignment Cover Letter Accompanying New Application" 

Number of pages added 

□ Statement Where No Further Pages Added 

(if no further pages form a part of this Transmittal, then end this Transmittal with 
this page and check the following item) 

□ This transmittal ends with this page. 
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Practitioner's Docket No. 



2189-19 



PATENT 



ADDED PAGES FOR APPLICATION TRANSMITTAL WHERE BENEFIT OF 
PRIOR VJS. APPLICATION® CLAIMED 

NOTE: See 37 CF.R § 7,78. 

17. Relate Back 

WARNING: If an application daims the benefit of the filing date of an earlier fifed application under 35 U.S.C. 



§§ 120, 121 or 365(c), the 20-year term of that application will be based upon the filing date of 
the earliest U.S. application that the application makes reference to under 35 U.S.C. §§ 120, 121 
or 365(c). (35 U.S.C. § 154(a)(2) does not take into account, for the determination of the patent 
term, any application on which priority is claimed under 35 U.S.C. §§ 119, 365(a) or 365(b).) For 
a c-i-p application, applicant should review whether any daim in the patent that will issue is 
supported by an earlier application and, if not, the applicant should consider canceling the reference 
to the earlier filed application. The term of a patent is not based on a dairrhby-daim approach. 
See Notice of April 14, 1995, 60 Fed. Reg. 20,195, at 20,205. 



d Amend the specification by inserting, before the first line, the following sentence; 
A. 35 U.S.C. § 119(e) 

NOTE: "Any ncnprovishnal application claiming the benefit of one or more prior filed copending provisional 
applications must contain or be amended to contain in the first sentence of the specification following 
the trite a reference to each such prior provisional application, identifying it as a provisional application, 
and inducing the provisional application number (consisting of series code and serial number). " 37 CF.R. 

□ This application claims the benefit of U.S. Provisional Application® No(s).: 



(complete the following, if applicable) 



APPLICATION NO(S).: 



FIUNG DATE 



n 



I. 



M 
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B. 35 U.S.C. §§ 120, 121 and 365(c) 



NOTE: "Except for a continued prosecution application filed under § 1.53(d), any nonprovisional application 
claiming the benefit of one or more prior filed copending nonprovisional applications or international 
applications designating the United States of America must contain or be amended to contain in the 
first sentence of the specification following the title a reference to each such prior application, identifying 
it by application number (consisting of the series code and serial number) or international application 
number and international filing date and Indicating the relationship of the applications. . . . Cross- 
references to other related applications may be made when appropriate." (See § 1.14(a)). 37 C.F.R. 
§ 1.78(a)®* 

B "This application is a 
B continuation 

□ continuation-in-part 

□ divisional 

of copending application® 

S application number 08 //9Qi5 45 filed on l/30/97__» 

□ International Application filed on 

and which designated the U.S." 

The proper reference to a prior filed PCT application that entered the U.S. national phase is the U.S. 
serial number and the fiiing date of the PCT application that designated the U.S. 

(1) Where the application being transmitted adds subject matter to the International Application, then 
the filing can be as a continuation-in-part or (2) if it is desired to do so for other reasons then the filing 
can be as a continuation. 

The deadline for entering the national phase in the U.S. for an international application was clarified 
in the Notice of April 28, 1987 (1079 O.G. 32 to 46) as follows: 

"The Patent and Trademark Office considers the International application to be pending until the 22nd 
month from the priority date if the United States has been designated and no Demand for International 
Preliminary Examination has been filed prior to the expiration of the 19th month from the priority date 
and until the 32nd month from the priority date if a Demand for International Preliminary Examination 
which elected the United States of America has been filed prior to the expiration of the 19th month 
from the priority date, provided that a copy of the international application has been communicated 
to the Patent and Trademark Office within the 20 or 30 month period respectively. If a copy of the 
international application has not been communicated to the Patent and Trademark Office within the 
20 or 30 month period respectively, the international application becomes abandoned as to the United 
States 20 or 30 months from the priority date respectMey. These periods have been placed in the rules 
as paragraph (h) of§ 1.494 and paragraph 0 of§ 1.495. A continuing application under 35 U.S.C. 365(c) 
and 120 may be filed anytime during the pendency of the international application.' 

□ "The nonprovisional application designated above, namely application 

/ , filed , claims the benefit of 

U.S. Provisional Application® No(s),: 



APPLICATION NO(S).: FILING DATE 



L 



□ Where more than one reference is made above, please combine ail references 
into one sentence. 



(Added Pages for Application Transmittal Where Benefit of Prior U.S. Application® Claimed 

[4-1.1}— page 2 of 5) 



18. Relate Back— 35 U.S.C. § 119 Priority Claim for Prior Application 

The prior U.S. application®, including any prior Internationa! Application designating the 
U.S., identified above in item 17B, in turn itself ciaim(s) foreign priority(ies) as follows: 

Country Appln. no. Filed on 

The certified copy(ies) has (have) 

□ been filed on , in prior application 0 / , which was 

filed on . 

□ is (are) attached. 

WARNING: The certified copy of the priority application that may have been communicated to the PTO by 
the International Bureau may not be relied on without any need to fife a certified copy of the priority 
application In the continuing application. This is so because the certified copy of the priority 
application communicated by the International Bureau is placed in a folder and is not assigned 
a US. serial number unless the national stage is entered. Such folders are disposed of if the national 
stage is not entered. Therefore, such certified copies may not be available if needed later in the 
prosecution of a continuing application. An alternative would be to physically remove the priority 
documents from the folders and transfer them to the continuing application. The resources required 
to request transfer, retrieve the folders, make suitable record notations, transfer the certified copies, 
enter and make a record of such copies in the Continuing Application are substantial. Accordingly, 
the priority documents in folders of international applications that have not entered the national 
stage may not be relied on. Notice of April 28, 1987 (1079 O.G. 32 to 46). 

1 9. Maintenance of Copendency of Prior Application 

NOTE: The PTO finds it useful if a copy of the petition filed mrthe priozrappMcation extending the term for 
response is filed with the papers constituting the*f3tog:oi the: continuation application. Notice of 
November 5, 1985 (1060 O.G. 27). 

A. □ Extension of time in prior applica4ibni 

(This item must be completed and the* papers filed ' in - the prior, application, 

if the periodb set: imtft& prior- appfo^om has* njn.$ 

EE A, petition^fee^and* response extends^ the terrmin:tbe v pendihcE prior application 
until' 

□ A copy of the petition filed In prior application^ attached. 

B. □ Conditional Petition for Extension of Time in Prior Application 

(complete this item t if previous item not applicable) 

□ A conditional petition for extension of time is being filed in the pending prior 
application. 

□ A copy of the conditional petition filed in the prior application Is attached. 



(Added Pages for Application Transmittal Where Benefit of Prior U.S. AppGcstion(s) Claimed 

£4-1,1] — page 3 of 5) 



20. Further Inventorship Statement Where Benefit of Prior Application(s) 
Claimed 

(complete applicable item (a), (bj and/or (c) below) 

(a) B This application discloses and claims only subject matter disclosed in the prior 

application whose particulars are set out above and the inventors) in this 
application are 

B the same. 

□ less than those named in the prior application. It is requested that the 
following inventors) identified for the prior application be deleted: 

(type name(s) of inventors) to be deleted) 

(b) □ This application discloses and claims additional disclosure by amendment and 

a new declaration or oath is being filed. With respect to the prior application, 
the inventor(s) in this application are 

□ the same. 

□ the following addrtional inventors) have been added: 

(type name(s) of inventors) to be added) 

(c) The inventorship for all the claims in this application are 
Q the same. 

□ not the same. An explanation, including the ownership of the various claims 
at the time the last claimed invention was made 

□ is submitted. 

□ will be submitted. 



(Added Pages for Application Transmittal Where Benefit of Prior U.S. Application® Claimed 

[4-1.1}— page 4 of 5) 



21 „ Abandonment of Prior Application (if applicable) 

□ Please abandon the prior application at a time while the prior application is 
pending, or when the petition for extension of time or to revive in that application 
is granted, and when this application is granted a filing date, so as to make this 
application copending with said prior application. 

NOTE: According to the Notice of May 13, 1983 (103, TMOG 6-7), the filing of a continuation or continuation-in- 
part application is a proper response with respect to a petition for extension of time or a petition to 
revive and shcuid include the express abandonment of the prior application conditioned upon the 
granting of the petition and the granting of a filing date to the continuing application. 

22. Petition for Suspension of Prosecution for the Time Necessary to 
File an Amendment 

WARNING: The claims of a new application may be finally rejected in the first Office action in those situations 
where (A) the new application is a continuing application of, or a substitute for, an earlier application, 
and (B) ail the claims of the new application (1) are drawn to the same invention claimed in the 
earlier application, and (2) would have been property finally rejected on the grounds of art of record 
in the next Office action rf they had been entered in the earlier application. * M.P.EP., § 706.07(b), 
7th ed. 

NOTE: Where it is possible that the claims on file will give rise to a first action final for this continuation application 
and for some reason an amendment cannot be filed promptly (e.g., experimental data is being gathered) 
it may be desirable to file a petition for suspension of prosecution for the time necessary. 

(check the next item, if applicable) 

□ There is provided herewith a Petition To Suspend Prosecution for the Time 
Necessary to File An Amendment (New Application Filed Concurrently) 

23. Small Entity (37 C.F.R § 1.28(a)) 

□ Applicant has established small entity status by the filing of a statement in parent 
application / on 

□ A copy of the statement previously filed is included. 

WARNING: See 37 C.F.R J 128(a). 

WARNING: 'Small entity status must not be established when the person or persons signing the . . . statement 
can unequivocally make the required self-certification. * M.P.E.P., § 509.03, 7th ed. (emphasis 
added), 

24. NOTIFICATION IN PARENT APPLICATION OF THIS FILING 

fi A notification of the filing of this 
(check one of the following) 

S continuation 

□ continuation-in-part 

□ divisional 

is being filed in the parent application, from which this application claims priority under 35 
LLS.C. § 120. 

(Added Pages for Application Transmittal Where Benefit Off Prior U.S. Application® Claimed 

[4-1.13— page 5 of 5) 



TRANSACTION VERIFICATION PROTOCOL FOR SMART CARDS 



The present invention relates to methods and apparatus for verifying the authenticity 
of partners in an electronic transaction. 

It has become widely accepted to conduct transactions such that as financial 
transactions or exchange of documents electronically. In order to verify the transaction, it is 
also well-known to "sign" the transaction digitally so that the authenticity of the transaction 
can be verified. The signature is performed according to a protocol that utilizes the message, 
i.e. the transaction, and a secret key associated with the party. Any attempt to tamper with 
the message or to use a key other than that of the signing party will result in an 
incompatibility between the message and the signature or will fail to identify the party 
correctly and thereby lead to rejection of the transaction. 

The signature must be performed such that the parties' secret key cannot be 
determined. To avoid the complexity of distributing secret keys, it is convenient to utilize a 
public key encryption scheme in the generation of the signature. Such capabilities are 
available where the transaction is conducted between parties having access to relatively large 
computing resources but it is equally important to facilitate such transactions at an individual 
level where more limited computing resources are available. 

Automated teller machines (ATMs) and credit cards are widely used for personal 
transactions and as their use expands, so the need to verify such transactions increases. 
Transaction cards are now available with limited computing capacity, so-called "Smart 
Cards," but these are not sufficient to implement existing digital signature protocols in a 
commercially viable manner. As noted above, in order to generate a digital signature, it is 
necessary to utilize a public key encryption scheme. Most public key schemes are based on 
the Diffie Helman Public key protocol and a particularly popular implementation is that 
known as DSS. The DSS scheme utilizes the set of integers Zp where p is a large prime. For 
adequate security, p must be in the order of 512 bits although the resultant signature may be 
reduced mod q, where q divides p-1 , and may be in the order of 160 bits. 

The DSS protocol provides a signature composed of two components r, s. The 
protocol requires the selection of a secret random integer k from the set of integers (0, 1, 
2,...q-l), i.e. 



ke (0,l,2,...q-l). 
The component r is then computed such that 
r = {(3 k modp} modq 

where p is a generator of q. 
The component s is computed as 

s = [ k" 1 (h(m)) + ar] mod q 

where m is the message to be transmitted, 
h(m) is a hash of the message, and 
a is the private key of the user. 

The signature associated with the message is then s,r which may be used to verify the 
origin of the message from the public key of the user. 

The value of p k is computationally difficult for the DSS implementation as the 
exponentiation requires multiple multiplications mod p. This is beyond the capabilities of a 
"Smart Card" in a commercially acceptable time. Although the computation could be 
completed on the associated ATM, this would require the disclosure of the session key k and 
therefore render the private key, a, vulnerable. 

An alternative encryption scheme that provides enhanced security at relatively small 
modulus is that utilizing elliptic curves in the finite field 2 m . A value of m in the order of 155 
provides security comparable to a 512 bit modulus for RSA and therefore offers significant 
benefits in implementation. Diffie Helman Public Key encryption utilizes the properties of 
discrete logs so that even if a generator p and the exponentiation p k is known, the value of k 
cannot be determined. 

A similar property exists with elliptic curves where the addition of two points on a 
curve produces a third point on the curve. Similarly, multiplying a point by an integer k 
produces a point on the curve. 

However, knowing the point and the origin does not reveal the value of the integer 6 n' 
which may then be used as a session key for encryption. The value kP, where P is an initial 
known point, is therefore equivalent to the exponentiation p k . 

Elliptic Curve Crytposystems (ECC) offer advantages over other public key 



cryptosystems when bandwidth efficiency, reduced computation, and minimized code space 
are application goals. 

The preferred embodiment of the present invention discloses a protocol optimized for 
an ECC implementation for use with a "smartcard" having limited computing capacity. The 
protocol has been found to provide superior performance relative to other smartcard protocols 
and is achievable with an ECC implementation. 

The protocol disclosed is appropriate for smartcard purchase applications such as 
those that might be completed between a terminal or ATM and a users personal card. The 
protocol provides a signature scheme which allows the card to authenticate the terminal 
without unnecessary signature verification which is an computationally intense operation for 
the smart card. The only signature verification required is that of the terminal identification 
(as signed by the certifying authority, or CA, which is essential to any such protocol. In the 
preferred embodiment, the protocol provides the card and terminal from fraudulent attacks 
from impostor devices, either a card or terminal. 

In accordance with the invention there is provided A method of verifying a pair of 
participants in an electronic transaction to permit exchange of information therebetween, 
each of the participants includes a memory and having a respective private key t, a and 
public key Y„ Y c stored therein, the public keys derived from a generator a and a respective 
ones of the private keys t, a, the method comprising the steps of: 

(a) a first of the participants generating a unique transaction identification information PID 
upon initiation of the electronic transaction; 

(b) the first participant forwarding to a second participant the transaction identification 
information PID and a first certificate CI, the first certificate being signed by a 
certification authority according to a predetermined algorithm and including an 
identification information TIU ID unique to the first participant and the public information 
Y t of the first participant; 

(c) the second participant verifying the first certificate CI, according to the predetermined 
algorithm, upon receipt thereof and extracting the identification information TIU ID and 
the public information Y t therefrom; 



(d) the second participant, upon verification of the first certificate CI, generating a first 
random integer R2; 

(e) the second participant generating a first and second signature components rl, si utilizing 
the public key Y, of the first participant and the private key a of the second participant, 
respectively according to a predetermined protocol; 

(f) the second participant forwarding a message to the first participant, including the 
signature components rl, si and a second certificate C2 signed by the certification 
authority according to a predetermined algorithm and including an identification 
information CID unique to the second participant and the public information Yc of the 
second participant; 

(g) the first participant verifying the second certificate C2 and extracting the identification 
information CID and public key Y c and verifying the authenticity of the second 
participant by extracting the transaction identification information PID from the received 
message and comparing the received transaction identification information PID to the 
transmitted value; 

(h) the first participant extracting the first random integer R2 from the received message and 
transmitting the first random integer R2 to the second participant to acknowledge 
verification of the second participant; and 

(i) the second participant verifying the authenticity of the first participant by comparing the 
received first random integer R2 to the generated first random integer R2 and transmitting 
a second random integer R3 to the first participant to acknowledging verification of the 
first participant, thereby permitting exchange of information between the participants. 

An embodiment of the invention will now be described by way of example only with 
reference to the accompanying drawings, in which: 

Figure 1 is a diagrammatic representation of a scanning terminal and personal 
transaction card; and 

Figure 2 is a chart that schematically illustrates the protocol. 

Referring therefore to figure 1, a scanner terminal 10 has an inductive coupling 12 to 

cooperate with a card 14. When a card 14 is passed through the inductive coupling 12 a 



transaction is recorded within a memory 16 on the card 14. Typically the transaction will 
debit the card with a set amount, e.g. an admission price, and the terminal 10 is credited a 
corresponding amount. The terminal is connected through a network to a central computer 
located at a financial institution that maintains records of transactions in a conventional 
manner. 

To avoid fraudulent transactions being recorded at either the card or terminal the 
protocol shown in figure 2 is utilized. 

Upon the scanner sensing the card through coupling 12, a unique purchase I.D. (PID) 
is generated by the terminal 10. The terminal 10 has a private key, t, stored in a secure 
location and a corresponding public key Y* equal to a'. The terminal 10 generates a message, 
Ml, consisting of the purchase I.D. PID and the transaction amount, TA. It also appends to 
the message Ml a certificate signed by the certifying authority CA that includes terminal 
identification information TIU ID and the public key Y t . The message Ml is received by the 
card 14. 

Card 14 has a private key a stored securely in memory 16 and a public key Y c equal to 
ct a . (a is the generator point for the curve). The card verifies the terminals certificate as 
signed by the certifying authority CA according to a normal elliptic curve scheme. Having 
verified the certificate, the card generates a pair of random numbers R2 and R3 and signs the 
unique purchase I.D. PID using the terminals public key according to an established protocol. 

To effect signing, the card generates a random integer k and computes a session 
parameter ct k . It also computes Y t k and generates signature components rl and si. 

The component rl is provided by M2. Y t k mod L where: 
M2 is the message TA//TIU ID//R2//PID, and 

L = 2'-l and 1 is an integer greater or equal to the number of bits in M2. (// 
signifies concentration). 

The component si is provided by lua+k mod q where: 

q is the order of the curve and 

hisahashh(M2//a k //R3). 
The card now sends signature components rl , si the hash h and a certificate issued by 



the certifying authority CA containing its ID and public key to the terminal 10. 

The terminal verifies the cards credentials as signed by the CA. Given the hash h and 
si it can calculate the value oc kt and thereby recover the message M2 from rl using the cards 
public key. As the message M2 includes the PID, the terminal is able to verify the 
authenticity if the card 10. 

The recovered message includes R2 which is then returned to the card 10 to prove 
that the terminal is extracting R2 in real time, i.e. during the transit of the card through the 
coupling 12, using its private key. This also prevents a reply attack by the terminal 10. 

The receipt of R2 also serves to acknowledge provision of the service. Upon receipt, 
the card checks R2 to ensure the message was recovered using the terminals private key. 
This confirms that the card was talking to the terminal rather than a fraudulent device which 
would not have the private key, t, available. 

If the card confirms the receipt of R2, it transmits the random R3 to the terminal 10 to 
complete the transaction. R3 is required for card signature verification by the bank and so R3 
is retained by the terminal 10 for central processing purposes. R3 is not released by the card 
until it has received R2 which confirms that the terminal 10 is performing computations in 
real time. 

The terminal 10 is required to submit to the financial institution the stored values of 
R2, R3, TA, PID, TIU ID, si and a k in addition to the credentials of both card and terminal 
1 0. With this information the bank card is able to reproduce hash h, i.e. h(M2//ot k //R3) by 
using the cards public key Y e to prove that the transaction was authentic. 

It will be noted that the last two passes are essentially trivial and do not require 
computation. Accordingly the computation required by the card is minimal, being restricted 
to one verification and one signature that involves two exponentiations, with the balance 
avoiding computationally intense operations. 

As indicated in figure 2, an ECC implementation is the field 2 155 using an anomalous 
curve of this protocol would result in less bandwidth (1533 bits) and reduced computation for 
the smartcard (31,000 clock cycles). The computational savings over previous protocols are 
possible due to features of the elliptic curve signature scheme used by the smartcard. 



The particular benefits and attributes may be summarized as: 

1 . The purchase identifier PID is unique and is required to prevent terminal replay to 
the bank. If the purchase identifier is not unique, a random number Rl will also 
be required to provide the equivalent of the PID. 

2. The random bit string R2 is required to prevent replay to the card. 

3. A hash function (h) such as the SHA1 is required to prevent modification of the 
message (m) and the terminal's identification (TIU ID). 

4. There appears to be no advantage to having the transaction amount signed by the 
terminal, resulting in one less signature verification for the card. The reason for 
this is that the message signed by the card contains a random number R2 which 
can only be recovered by the terminal. 

5. Using this scheme, the message m may only be recovered by the terminal (note 
the terminal's public key is used in step III therefore requiring the terminal's 
private key to verify and recover contents). By demonstrating to the card that the 
random string (R2) was obtained from the message, the terminal can be 
authenticated to the card. 
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We Claim: 



1 . A method of verifying a pair of participants in an electronic transaction to permit exchange 
of information therebetween, each of said participants includes a memory and having a 
respective private key t, a and public key Y„ Y e stored therein, said public keys derived from 
a generator a and a respective ones of said private keys t, a, said method comprising the steps 
of: 

(a) a first of said participants generating a unique transaction identification information PID 
upon initiation of said electronic transaction; 

(b) said first participant forwarding to a second participant said transaction identification 
information PID and a first certificate CI, said first certificate being signed by a 
certification authority according to a predetermined algorithm and including an 
identification information TIU ID unique to said first participant and said public 
information Y t of said first participant; 

(c) said second participant verifying said first certificate CI, according to said predetermined 
algorithm, upon receipt thereof and extracting said identification information TIU ID and 
said public information Y, therefrom; 

(d) said second participant, upon verification of said first certificate CI, generating first and 
second random integers R2 and R3, respectively; 

(e) said second participant generating a third random integer k and computing a session 
parameter a k by exponentiating a function including said generator to a power k and 
exponentiating said public key Y, to a power k to produce a session key Y t k ; 

(f) said second participant generating a first signature component rl by signing said 
transaction identification information PID utilizing said public key Y, of said first 
participant and generating a second signature component si by signing said first random 
integer R2 utilizing said private key a of said second participant, said signatures being 
generated according to a predetermined protocol . 

(g) said second participant forwarding a message to said first participant, including said 
signature components rl, si and a second certificate C2 signed by said certification 



authority according to a predetermined algorithm and including an identification 
information CID unique to said second participant and said public information Yc of said 
second participant; 

(h) said first participant verifying said second certificate C2 and extracting said identification 
5 information CID and public key Y c and verifying the authenticity of said second 

participant by extracting said transaction identification information PID from said 
received message and comparing said received transaction identification information PID 
to said transmitted value; 

(i) said first participant extracting said first random integer R2 from said received message 
l o and transmitting said first random integer R2 to said second participant to acknowledge 

verification of said second participant; 
(j) said second participant verifying the authenticity of said first participant by comparing 
said received first random integer R2 to said generated first random integer R2 and 
transmitting said second random integer R3 to said first participant to acknowledging 
1 5 verification of said first participant, thereby permitting exchange of information between 

said participants. 

3. A method as defined in claim 1, wherein said first participant forwards a transaction 
amount TA with said identification PID. 

20 

4. A method as defined in claim 1, wherein said first signature component rl combines said 
session key Y t k and a message M2, indicative of the concatenation of said identification 
information TIU ID, said first random information R2, and said transaction identification 
information PID. 

25 

5. A method as defined in claim 3, wherein said first signature component rl is of the form 
M2* Y t k modL. 
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6. A method as defined in claim 3, wherein said second signature component si is of the 
form h*a + k mod q, where q is the order of an elliptic curve, h is a hash of the 
concatenation of said second random integer R3, said session parameter <x k and said 
message M2. 

7. A method as defined in claim 5, including in step (g) of claim 1 forwarding said hash to 
said first participant. 

8. A method of verifying a pair of participants in an electronic transaction to permit 
exchange of information therebetween, each of said participants includes a memory and 
having a respective private key t, a and public key Y„ Y c stored therein, said public keys 
derived from a generator a and a respective ones of said private keys t, a, said method 
comprising the steps of: 

(a) a first of said participants generating a unique transaction identification information PID 
upon initiation of said electronic transaction; 

(b) said first participant forwarding to a second participant said transaction identification 
information PID and a first certificate CI, said first certificate being signed by a 
certification authority according to a predetermined algorithm and including an 
identification information TIU ID unique to said first participant and said public 
information Y, of said first participant; 

(c) said second participant verifying said first certificate CI, according to said predetermined 
algorithm, upon receipt thereof and extracting said identification information TIU ID and 
said public information Y t therefrom; 

(d) said second participant, upon verification of said first certificate CI, generating a first 
random integer R2; 

(e) said second participant generating a first and second signature components rl, si utilizing 
said public key Y t of said first participant and said private key a of said second participant, 
respectively according to a predetermined protocol; 



(f) said second participant forwarding a message to said first participant, including said 
signature components rl, si and a second certificate C2 signed by said certification 
authority according to a predetermined algorithm and including an identification 
information CID unique to said second participant and said public information Yc of said 
second participant; 

(g) said first participant verifying said second certificate C2 and extracting said identification 
information CID and public key Y e and verifying the authenticity of said second 
participant by extracting said transaction identification information PID from said 
received message and comparing said received transaction identification information PID 
to said transmitted value; 

(h) said first participant extracting said first random integer R2 from said received message 
and transmitting said first random integer R2 to said second participant to acknowledge 
verification of said second participant; and 

(i) said second participant verifying the authenticity of said first participant by comparing 
said received first random integer R2 to said generated first random integer R2 and 
transmitting a second random integer R3 to said first participant to acknowledging 
verification of said first participant, thereby permitting exchange of information between 
said participants. 



ABSTRACT 

A protocol appropriate for smartcard purchase applications such as those that might be 
completed between a terminal or ATM and a users personal card is disclosed. The protocol 
provides a signature scheme which allows the card to authenticate the terminal without 
unnecessary signature verification which is an computationally intense operation for the 
smart card. The only signature verification required is that of the terminal identification (as 
signed by the certifying authority, or CA, which is essential to any such protocol). In the 
preferred embodiment, the protocol provides the card and terminal from fraudulent attacks 
from impostor devices, either a card or terminal. 
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